Managing security information in the Voice API

Question

How does Nexmo handle security for Voice API calls?

How can I create a public/private key pair for my Voice app?

Solution

Public-key or asymmetric cryptography is a system where a cryptographic public key is paired with a private key. Data encrypted with one key can only be decrypted by the other key. However, you cannot compute one key using the other. You use asymmetric keys to sign a JSON Web Token (JWT) in order to authenticate your application

You can either generate a key pair in your browser via the Dashboard when creating/managing an application, or locally using the Application API or Nexmo CLI.

When generating the key pair for your application in Dashboard the public key field is automatically populated with the public key and the private key is downloaded as a file (“private.key”) to your device.

To generate a private/public key pair for a new application using Dashboard, please follow the below steps:

To generate a private/public key pair for an existing application using Dashboard, please follow the below steps:

Go to your applications

Click on “Generate key pair”

Please note that when generating a key pair using the “Generate key pair” link in order to protect your security Nexmo does not have access to the private key, and the key pair is generated locally in your browser.